protocol – Page 27 – Experimental News Clipping Site

Embrace The Red: Claude Code: Data Exfiltration with DNS Requests

Aug 11, 2025

—

by

Source URL: https://embracethered.com/blog/posts/2025/claude-code-exfiltration-via-dns-requests/ Source: Embrace The Red Title: Claude Code: Data Exfiltration with DNS Requests Feedly Summary: Today we cover Claude Code and a high severity vulnerability that Anthropic fixed in early June. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g.…

The Register: Deepfake detectors are slowly coming of age, at a time of dire need

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/11/deepfake_detectors_fraud/ Source: The Register Title: Deepfake detectors are slowly coming of age, at a time of dire need Feedly Summary: By video, picture, and voice – the fakers are coming for your money DEF CON While AI was on everyone’s lips in Las Vegas this week at the trio of security conferences in…

New York Times – Artificial Intelligence : Why A.I. Should Make Parents Rethink Posting Photos of Their Children Online

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.nytimes.com/2025/08/11/technology/personaltech/ai-kids-photos.html Source: New York Times – Artificial Intelligence Title: Why A.I. Should Make Parents Rethink Posting Photos of Their Children Online Feedly Summary: Artificial intelligence apps generating fake nudes, amid other privacy concerns, make “sharenting” far riskier than it was just a few years ago. AI Summary and Description: Yes Summary: The text…

Slashdot: $1M Stolen in ‘Industrial-Scale Crypto Theft’ Using AI-Generated Code

Aug 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://yro.slashdot.org/story/25/08/11/0037258/1m-stolen-in-industrial-scale-crypto-theft-using-ai-generated-code?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: $1M Stolen in ‘Industrial-Scale Crypto Theft’ Using AI-Generated Code Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a sophisticated cybercrime operation, GreedyBear, which utilizes a highly coordinated strategy, weaponizing browser extensions and phishing sites to facilitate industrial-scale crypto theft. The group’s innovative techniques, including the modification…

The Register: Trend Micro offers weak workaround for already-exploited critical vuln in management console

Aug 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/10/infosec_in_brief/ Source: The Register Title: Trend Micro offers weak workaround for already-exploited critical vuln in management console Feedly Summary: PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more! Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro’s Apex One endpoint security platform…

Slashdot: WSJ Finds ‘Dozens’ of Delusional Claims from AI Chats as Companies Scramble for a Fix

Aug 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://slashdot.org/story/25/08/10/2023212/wsj-finds-dozens-of-delusional-claims-from-ai-chats-as-companies-scramble-for-a-fix?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: WSJ Finds ‘Dozens’ of Delusional Claims from AI Chats as Companies Scramble for a Fix Feedly Summary: AI Summary and Description: Yes Summary: The Wall Street Journal has reported on concerning instances where ChatGPT and other AI chatbots have reinforced delusional beliefs, leading users to trust in fantastical narratives,…

Embrace The Red: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution

Aug 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/openhands-remote-code-execution-zombai/ Source: Embrace The Red Title: OpenHands ZombAI Exploit: Prompt Injection To Remote Code Execution Feedly Summary: Today we have another post about OpenHands from All Hands AI. It is a popular agent, initially named “OpenDevin”, and recently the company also provides a cloud-based service. Which is all pretty cool and exciting. Prompt…

The Register: The inside story of the Telemessage saga, and how you can view the data

Aug 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/10/telemessage_archive_online/ Source: The Register Title: The inside story of the Telemessage saga, and how you can view the data Feedly Summary: It turns out no one was clean on OPSEC DEF CON On Saturday at DEF CON, security boffin Micah Lee explained just how he hacked into TeleMessage, the supposedly secure messaging app…

Simon Willison’s Weblog: When a Jira Ticket Can Steal Your Secrets

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/when-a-jira-ticket-can-steal-your-secrets/ Source: Simon Willison’s Weblog Title: When a Jira Ticket Can Steal Your Secrets Feedly Summary: When a Jira Ticket Can Steal Your Secrets Zenity Labs describe a classic lethal trifecta attack, this time against Cursor, MCP, Jira and Zendesk. They also have a short video demonstrating the issue. Zendesk support emails are…

Simon Willison’s Weblog: My Lethal Trifecta talk at the Bay Area AI Security Meetup

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://simonwillison.net/2025/Aug/9/bay-area-ai/#atom-everything Source: Simon Willison’s Weblog Title: My Lethal Trifecta talk at the Bay Area AI Security Meetup Feedly Summary: I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, the lethal trifecta and the challenges of securing systems that use MCP. It wasn’t recorded but I’ve created…

Tag: protocol